SSL login

[blear]

 

Recently, my company has decided that session-based login isnt secure enough (Layoffs are coming, they probably expect lots of angry people) and have decided that encrypted login is necessary, even on internal networks.

 

Can someone please give me somewhere to start on implementing this? I have a pretty solid understanding of encryption in general, but the articles I have read are cryptic. Any help you can give me would be much <3'd

 

 

 

[boo_lolly]

security can be implimented on every level. you'll probably want to start with the first path of entry to your systems... your network. this isn't done in php, altho i'm sure you'd still like to know more about php security. i'd advise finding out what kind of servers your company runs, and go from there. if you're running apache, it is very easy to write apache mods to secure access priviledges to certain applications. i personally don't like Microsoft IIS, but it is relatively rich in customizable features.

[blear]

 

Network backbone is handled by a rather large company's IT personnel and with the exception of what I need to make my server work, I am not privy to any of its functionality. (we are not a small company by any means but the number crunchers figure it was a good idea yet whine about the network being junk, but I digress)

 

I am looking at specifically my server, and the login to the web portal I am responsible for. The server itself is secure, I am looking at the PhP scripts that access the data in my databases.

 

 

 

 

[boo_lolly]

so is your main concern preventing sql injection?

[blear]

 

 

My concern is having an encrypted login system. Does anyone have any information or point me to where I can find information on this? Such as SSL implementation?

 

[boo_lolly]

again, this would be done on the server level. if you're running apache, it can be done with an apache mod. google it.